Hi,
I have been playing around with delaying smtp connections instead of
just rejecting them if they are clearly spam (simplest case: HELO with
my own IP address). Now I got a couple of questions about this. I'm not
a total exim beginner, but as you might see from my questions I'm far
from expert level, and this areas is kinda new for me. I read a lot
about this on the web, but still don't quite get it...
- when an ACL hits a delay (e.g. bad HELO), there won't be any message
in the logfile until the delay is over. Is there any way to make exim
generate a message in the logfile like "bad HELO, delaying for x
minutes" as soon as the condition is hit, and not after the delay? That
way, not only could I see what's going on, but also how long I am
effectively holding up the spammer.
- it seems like executing "exiwhat" will cancel all current delays.
E.g., when I delay for 5 minutes, but someone runs exiwhat 10 seconds
into the delay, exim seems to go on with this connection instead of
waiting till the 5 minutes are over. Is this intended? Is there any
other tool I could use that does keep the delays "running"?
- I have read about sending "continuation lines" instead of just
delaying. What's the benefit of this? And then: How do I do that?
- For delays that I don't use "just in case because something does not
look right" but for connections that I KNOW I will reject anyway, is
there something to just "drop" the connection? Basically the spam server
would wait for my reponse either way, but opposed to an "infinite delay"
a "just don't care about that connection anymore" might free up resources
- When I delay for 5 minutes before rejecting, and the client just
closes the connection right away (like me closing the telnet window), it
seems like exim still waits the 5 minutes and then writes his logfile.
Any chance to catch the fact that the other side dropped? I guess not
since the other side is only waiting (is this where continuation lines
come into play?)
Thanks a lot for helping me out!
Christian